Extracted

• • Target

    MV AGRIA CALLING CHANGSHU AGENCY APPOINTMENT.bin

  • Size

    1.3MB

  • MD5

    7c827bdc7085004ed0c850556496fd5b

  • SHA1

    9208c54d898bc5a28f7cd0dd434315681ce8e2ef

  • SHA256

    c230f8806524febe04ac6856d1629d92b5c3513f601b3e39bac2c7f32c0ac4a4

  • SHA512

    6a1bdd8ec34185d7f39a3a1b342ce75cd3395566c7c77054ce310d8d82b6708dd8cfe64303ea70565fe079afd10f29ba519c7a9b2603e2bf0eccd41e9c2e0433

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spyware

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spyware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2